Botnet Penetrates Microsoft Live Via Audio Captchas
The prolific spam botnet Pushdo has found a new way into Microsoft's Live.com: exploiting vulnerabilities in the audio Captchas that were specifically designed to stop automated scripts from accessing the e-mail service.
With accounts created this way, spammers can easily distribute unwanted e-mail. Because addresses such as live.com are used by many legitimate users, they are often whitelisted. The method gives spammers an alternative to sending spam through open mail relays, which are often blacklisted.
The target receives a malicious link, offering free porn, to a Yahoo Groups page; these Yahoo Groups pages changed every 60 minutes. All of the pages connect back to something known as Hacked Blackbook, which claims that its adult or pornographic images originate from hacked social network accounts. It is presented as a "free signup"; however, users have to provide personal and credit card information to sign up or to view the images.
Named hipaudio.srf, these Captcha files are actually small WAV audio files. Listeners have to concentrate, because the numbers are awash in noise. The obscure messages are reminiscent of the Cold War-era shortwave numbers stations reportedly used by spy agencies.
In the samples Webroot collected and tested, the Trojan can send spam e-mails for a period of time before Live.com prompts the bot with a Captcha form. The bot retrieves one of the WAV files from Microsoft's server and then, after waiting 3-10 seconds, sends its answer to the server.
Webroot researcher Andrew Brandt said that when the bot was allowed to operate freely in a seven-minute test, it showed an outstanding ability to circumvent audio Captchas, as reported by The Register on March 22, 2010.
He said that although the bot submitted the correct response within two tries in most instances, in one case it tried six times before continuing, and once it answered correctly the first time.
The experts commented that Trojans have been observed trying to break visual Captchas in several ways, but this is the first time they have heard of a Trojan trying to break this Captcha and succeeding on its own.
SPAMfighter News - 01-04-2010